Lucene search
ApacheCVELIST:CVE-2022-43717HistoryJan 16, 2023 - 10:08 a.m.
CVE-2022-43717 Apache Superset: Cross-Site Scripting on dashboards
2023-01-1610:08:04
CWE-79
apache
www.cve.org
5
apache superset
xss
cve-2022-43717
cross-site scripting
dashboard
authentication
EPSS
0.001
Percentile
32.6%
Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions.Β This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Superset",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.0.1",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
cve
cve
CVE-2022-43717
2023-01-16 11:15:10
osv
osv
CVE-2022-43717
2023-01-16 11:15:10
Apache Superset vulnerable to Cross-site Scripting
2023-01-16 12:30:18
nvd
nvd
CVE-2022-43717
2023-01-16 11:15:10
veracode
veracode
Cross-site Scripting (XSS)
2023-01-18 02:55:19
cnvd
cnvd
Apache Superset Cross-Site Scripting Vulnerability (CNVD-2023-05220)
2023-01-18 00:00:00
prion
prion
Design/Logic Flaw
2023-01-16 11:15:00
github
github
Apache Superset vulnerable to Cross-site Scripting
2023-01-16 12:30:18